In today's Internet climate, it is difficult for visitors of a particular online merchant, or other type of website, to know with any degree of certainty whether the computer servers behind the website are trustworthy. This often leads to blind trust on the part of the visitor. A lack of trust can also dissuade visitors from completing a transaction with the online merchant because of fears of unknown security hazards, computer viruses, or other threats.
One method of providing mutual authentication of both client and server computers is to implement the Kerberos protocol, which allows for relatively secure communications over insecure networks. However, as implemented today, Kerberos tickets (which serve to prove the identity of users) lack a trust score to reflect an integrity evaluation of a given client machine.
Accordingly, a need remains for a way to identify and authenticate components of a client or server platform that are in a potentially improper state before a transaction occurs by informing a user about a level of integrity of various servers of an online merchant service or other website. The present application addresses these and other problems associated with the prior art.